aws-sdk-core 3.130.2 → 3.132.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +5 -10
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +6 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +3 -3
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/shared_config.rb +2 -0
- data/lib/aws-sdk-core/sso_credentials.rb +8 -12
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-sso/client.rb +42 -14
- data/lib/aws-sdk-sso/types.rb +29 -20
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +14 -5
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 834ced1c0e2ea4d743b2fc0cbe70ed75d6bcf57385521cd3c6ecded7e2eba288
|
4
|
+
data.tar.gz: cb7e8f63bc55a0ac685f0c1545fe95433e1b9a6397f4a41d264e3e01364772c0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4363ba1ee176a0656ca650ece2c0f816ccdb2e1dedc95db49c67d1277b90a6f797f5fbe3c7096de2a7b0335b47d02bfe127ea94d07f00961ce6e5b8a6380b120
|
7
|
+
data.tar.gz: 42518b3ea0ba92f776c1422f1c87b300c6bcd916e220184378b139987c5e00ad41d801231b1ce0c7c77ff88fa202de0bc22bb451887e00fbe6598f01cac5163d
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,47 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.132.0 (2022-08-08)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
8
|
+
|
9
|
+
3.131.6 (2022-08-03)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Issue - Fix typo in `RecursionDetection`, change amz to amzn in header and env name.
|
13
|
+
|
14
|
+
3.131.5 (2022-07-28)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Issue - Fix `to_json` usage in nested hashes by defining `as_json` (#2733).
|
18
|
+
|
19
|
+
3.131.4 (2022-07-27)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Issue - Fix `to_json` usage on pageable responses when using Rails (#2733).
|
23
|
+
* Issue - Use `expand_path` on credential/config paths in SharedConfig (#2735).
|
24
|
+
|
25
|
+
3.131.3 (2022-07-18)
|
26
|
+
------------------
|
27
|
+
|
28
|
+
* Issue - Add support for serializing shapes on the body with `jsonvalue` members.
|
29
|
+
|
30
|
+
3.131.2 (2022-06-20)
|
31
|
+
------------------
|
32
|
+
|
33
|
+
* Issue - Populate context :request_id for XML error responses.
|
34
|
+
|
35
|
+
3.131.1 (2022-05-20)
|
36
|
+
------------------
|
37
|
+
|
38
|
+
* Issue - Bump the minimum version of `jmespath` dependency.
|
39
|
+
|
40
|
+
3.131.0 (2022-05-16)
|
41
|
+
------------------
|
42
|
+
|
43
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
44
|
+
|
4
45
|
3.130.2 (2022-04-22)
|
5
46
|
------------------
|
6
47
|
|
@@ -50,7 +91,7 @@ Unreleased Changes
|
|
50
91
|
3.126.2 (2022-02-16)
|
51
92
|
------------------
|
52
93
|
|
53
|
-
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
94
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
54
95
|
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
55
96
|
|
56
97
|
3.126.1 (2022-02-14)
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.132.0
|
@@ -3,25 +3,20 @@
|
|
3
3
|
require 'set'
|
4
4
|
|
5
5
|
module Aws
|
6
|
-
|
7
|
-
#
|
8
|
-
# a role via {Aws::STS::Client#assume_role}.
|
6
|
+
# An auto-refreshing credential provider that assumes a role via
|
7
|
+
# {Aws::STS::Client#assume_role}.
|
9
8
|
#
|
10
9
|
# role_credentials = Aws::AssumeRoleCredentials.new(
|
11
10
|
# client: Aws::STS::Client.new(...),
|
12
11
|
# role_arn: "linked::account::arn",
|
13
12
|
# role_session_name: "session-name"
|
14
13
|
# )
|
15
|
-
#
|
16
14
|
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
17
15
|
#
|
18
|
-
# If you omit `:client` option, a new {STS::Client} object will be
|
19
|
-
# constructed.
|
16
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
17
|
+
# constructed with additional options that were provided.
|
20
18
|
#
|
21
|
-
#
|
22
|
-
# that can be used to help manage refreshing tokens.
|
23
|
-
# `before_refresh` is called when AWS credentials are required and need
|
24
|
-
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
19
|
+
# @see Aws::STS::Client#assume_role
|
25
20
|
class AssumeRoleCredentials
|
26
21
|
|
27
22
|
include CredentialProvider
|
@@ -5,9 +5,8 @@ require 'securerandom'
|
|
5
5
|
require 'base64'
|
6
6
|
|
7
7
|
module Aws
|
8
|
-
|
9
|
-
#
|
10
|
-
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
8
|
+
# An auto-refreshing credential provider that assumes a role via
|
9
|
+
# {Aws::STS::Client#assume_role_with_web_identity}.
|
11
10
|
#
|
12
11
|
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
13
12
|
# client: Aws::STS::Client.new(...),
|
@@ -16,12 +15,12 @@ module Aws
|
|
16
15
|
# role_session_name: "session-name"
|
17
16
|
# ...
|
18
17
|
# )
|
19
|
-
#
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
18
|
+
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
21
19
|
#
|
20
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
21
|
+
# constructed with additional options that were provided.
|
22
22
|
#
|
23
|
-
#
|
24
|
-
# constructed.
|
23
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
25
24
|
class AssumeRoleWebIdentityCredentials
|
26
25
|
|
27
26
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# instances running in ECS.
|
9
|
+
#
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
7
12
|
class ECSCredentials
|
8
13
|
|
9
14
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# EC2 instances.
|
9
|
+
#
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
7
12
|
class InstanceProfileCredentials
|
8
13
|
include CredentialProvider
|
9
14
|
include RefreshingCredentials
|
@@ -146,6 +146,13 @@ module Aws
|
|
146
146
|
data.to_h
|
147
147
|
end
|
148
148
|
|
149
|
+
def as_json(_options = {})
|
150
|
+
data.to_h(data, as_json: true)
|
151
|
+
end
|
152
|
+
|
153
|
+
def to_json(options = {})
|
154
|
+
as_json.to_json(options)
|
155
|
+
end
|
149
156
|
end
|
150
157
|
|
151
158
|
# The actual decorator module implementation. It is in a distinct module
|
@@ -11,15 +11,43 @@ module Aws
|
|
11
11
|
|
12
12
|
def call(context)
|
13
13
|
context.operation.input.shape.members.each do |m, ref|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
14
|
+
convert_jsonvalue(m, ref, context.params, 'params')
|
15
|
+
end
|
16
|
+
@handler.call(context)
|
17
|
+
end
|
18
|
+
|
19
|
+
def convert_jsonvalue(m, ref, params, context)
|
20
|
+
return if params.nil? || !params.key?(m)
|
21
|
+
|
22
|
+
if ref['jsonvalue']
|
23
|
+
params[m] = serialize_jsonvalue(params[m], "#{context}[#{m}]")
|
24
|
+
else
|
25
|
+
case ref.shape
|
26
|
+
when Seahorse::Model::Shapes::StructureShape
|
27
|
+
ref.shape.members.each do |member_m, ref|
|
28
|
+
convert_jsonvalue(member_m, ref, params[m], "#{context}[#{m}]")
|
29
|
+
end
|
30
|
+
when Seahorse::Model::Shapes::ListShape
|
31
|
+
if ref.shape.member['jsonvalue']
|
32
|
+
params[m] = params[m].each_with_index.map do |v, i|
|
33
|
+
serialize_jsonvalue(v, "#{context}[#{m}][#{i}]")
|
34
|
+
end
|
35
|
+
end
|
36
|
+
when Seahorse::Model::Shapes::MapShape
|
37
|
+
if ref.shape.value['jsonvalue']
|
38
|
+
params[m].each do |k, v|
|
39
|
+
params[m][k] = serialize_jsonvalue(v, "#{context}[#{m}][#{k}]")
|
40
|
+
end
|
18
41
|
end
|
19
|
-
context.params[m] = param_value.to_json
|
20
42
|
end
|
21
43
|
end
|
22
|
-
|
44
|
+
end
|
45
|
+
|
46
|
+
def serialize_jsonvalue(v, context)
|
47
|
+
unless v.respond_to?(:to_json)
|
48
|
+
raise ArgumentError, "The value of #{context} is not JSON serializable."
|
49
|
+
end
|
50
|
+
v.to_json
|
23
51
|
end
|
24
52
|
|
25
53
|
end
|
@@ -9,10 +9,10 @@ module Aws
|
|
9
9
|
class Handler < Seahorse::Client::Handler
|
10
10
|
def call(context)
|
11
11
|
|
12
|
-
unless context.http_request.headers.key?('x-
|
12
|
+
unless context.http_request.headers.key?('x-amzn-trace-id')
|
13
13
|
if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
|
14
|
-
(trace_id = ENV['
|
15
|
-
context.http_request.headers['x-
|
14
|
+
(trace_id = ENV['_X_AMZN_TRACE_ID'])
|
15
|
+
context.http_request.headers['x-amzn-trace-id'] = trace_id
|
16
16
|
end
|
17
17
|
end
|
18
18
|
@handler.call(context)
|
@@ -1,19 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
|
5
4
|
# A credential provider that executes a given process and attempts
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
7
|
-
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
9
|
-
# provided in the credentials payload
|
10
|
-
#
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
12
6
|
#
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
14
9
|
#
|
15
|
-
#
|
16
|
-
#
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
11
|
+
# provided in the credentials payload.
|
12
|
+
#
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
17
14
|
class ProcessCredentials
|
18
15
|
|
19
16
|
include CredentialProvider
|
@@ -51,10 +51,12 @@ module Aws
|
|
51
51
|
@config_enabled = options[:config_enabled]
|
52
52
|
@credentials_path = options[:credentials_path] ||
|
53
53
|
determine_credentials_path
|
54
|
+
@credentials_path = File.expand_path(@credentials_path) if @credentials_path
|
54
55
|
@parsed_credentials = {}
|
55
56
|
load_credentials_file if loadable?(@credentials_path)
|
56
57
|
if @config_enabled
|
57
58
|
@config_path = options[:config_path] || determine_config_path
|
59
|
+
@config_path = File.expand_path(@config_path) if @config_path
|
58
60
|
load_config_file if loadable?(@config_path)
|
59
61
|
end
|
60
62
|
end
|
@@ -1,17 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
# An auto-refreshing credential provider that
|
5
|
-
#
|
6
|
-
# token.
|
4
|
+
# An auto-refreshing credential provider that assumes a role via
|
5
|
+
# {Aws::SSO::Client#get_role_credentials} using a cached access
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
7
7
|
# must generated and refreshed separately by running `aws login` from the
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
|
-
# For more background on AWS SSO see the official
|
11
|
-
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
12
|
-
#
|
13
|
-
# ## Refreshing Credentials from SSO
|
14
|
-
#
|
15
10
|
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
16
11
|
# addition to AWS credentials expiring after a given amount of time, the
|
17
12
|
# access token generated and cached from `aws login` will also expire.
|
@@ -20,7 +15,6 @@ module Aws
|
|
20
15
|
# the token value, but this can be done by running `aws login` with the
|
21
16
|
# correct profile.
|
22
17
|
#
|
23
|
-
#
|
24
18
|
# # You must first run aws sso login --profile your-sso-profile
|
25
19
|
# sso_credentials = Aws::SSOCredentials.new(
|
26
20
|
# sso_account_id: '123456789',
|
@@ -28,11 +22,13 @@ module Aws
|
|
28
22
|
# sso_region: "us-east-1",
|
29
23
|
# sso_start_url: 'https://your-start-url.awsapps.com/start'
|
30
24
|
# )
|
31
|
-
#
|
32
25
|
# ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
|
33
26
|
#
|
34
|
-
# If you omit `:client` option, a new {SSO::Client} object will be
|
35
|
-
# constructed.
|
27
|
+
# If you omit `:client` option, a new {Aws::SSO::Client} object will be
|
28
|
+
# constructed with additional options that were provided.
|
29
|
+
#
|
30
|
+
# @see Aws::SSO::Client#get_role_credentials
|
31
|
+
# @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
36
32
|
class SSOCredentials
|
37
33
|
|
38
34
|
include CredentialProvider
|
@@ -28,18 +28,20 @@ module Aws
|
|
28
28
|
# in stdlib Struct.
|
29
29
|
#
|
30
30
|
# @return [Hash]
|
31
|
-
def to_h(obj = self)
|
31
|
+
def to_h(obj = self, options = {})
|
32
32
|
case obj
|
33
33
|
when Struct
|
34
34
|
obj.each_pair.with_object({}) do |(member, value), hash|
|
35
|
-
|
35
|
+
member = member.to_s if options[:as_json]
|
36
|
+
hash[member] = to_hash(value, options) unless value.nil?
|
36
37
|
end
|
37
38
|
when Hash
|
38
39
|
obj.each.with_object({}) do |(key, value), hash|
|
39
|
-
|
40
|
+
key = key.to_s if options[:as_json]
|
41
|
+
hash[key] = to_hash(value, options)
|
40
42
|
end
|
41
43
|
when Array
|
42
|
-
obj.collect { |value| to_hash(value) }
|
44
|
+
obj.collect { |value| to_hash(value, options) }
|
43
45
|
else
|
44
46
|
obj
|
45
47
|
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -358,11 +358,13 @@ module Aws::SSO
|
|
358
358
|
# The friendly name of the role that is assigned to the user.
|
359
359
|
#
|
360
360
|
# @option params [required, String] :account_id
|
361
|
-
# The identifier for the
|
361
|
+
# The identifier for the Amazon Web Services account that is assigned to
|
362
|
+
# the user.
|
362
363
|
#
|
363
364
|
# @option params [required, String] :access_token
|
364
365
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
366
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
367
|
+
# Reference Guide*.
|
366
368
|
#
|
367
369
|
#
|
368
370
|
#
|
@@ -396,7 +398,8 @@ module Aws::SSO
|
|
396
398
|
req.send_request(options)
|
397
399
|
end
|
398
400
|
|
399
|
-
# Lists all roles that are assigned to the user for a given
|
401
|
+
# Lists all roles that are assigned to the user for a given Amazon Web
|
402
|
+
# Services account.
|
400
403
|
#
|
401
404
|
# @option params [String] :next_token
|
402
405
|
# The page token from the previous response output when you request
|
@@ -407,14 +410,16 @@ module Aws::SSO
|
|
407
410
|
#
|
408
411
|
# @option params [required, String] :access_token
|
409
412
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
413
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
414
|
+
# Reference Guide*.
|
411
415
|
#
|
412
416
|
#
|
413
417
|
#
|
414
418
|
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
415
419
|
#
|
416
420
|
# @option params [required, String] :account_id
|
417
|
-
# The identifier for the
|
421
|
+
# The identifier for the Amazon Web Services account that is assigned to
|
422
|
+
# the user.
|
418
423
|
#
|
419
424
|
# @return [Types::ListAccountRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
420
425
|
#
|
@@ -448,10 +453,11 @@ module Aws::SSO
|
|
448
453
|
req.send_request(options)
|
449
454
|
end
|
450
455
|
|
451
|
-
# Lists all
|
452
|
-
# assigned by the administrator of the
|
453
|
-
# see [Assign User Access][1] in the
|
454
|
-
# operation returns a
|
456
|
+
# Lists all Amazon Web Services accounts assigned to the user. These
|
457
|
+
# Amazon Web Services accounts are assigned by the administrator of the
|
458
|
+
# account. For more information, see [Assign User Access][1] in the
|
459
|
+
# *Amazon Web Services SSO User Guide*. This operation returns a
|
460
|
+
# paginated response.
|
455
461
|
#
|
456
462
|
#
|
457
463
|
#
|
@@ -466,7 +472,8 @@ module Aws::SSO
|
|
466
472
|
#
|
467
473
|
# @option params [required, String] :access_token
|
468
474
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
475
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
476
|
+
# Reference Guide*.
|
470
477
|
#
|
471
478
|
#
|
472
479
|
#
|
@@ -504,12 +511,33 @@ module Aws::SSO
|
|
504
511
|
req.send_request(options)
|
505
512
|
end
|
506
513
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
514
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
515
|
+
# sends an API call to the Amazon Web Services SSO service to invalidate
|
516
|
+
# the corresponding server-side Amazon Web Services SSO sign in session.
|
517
|
+
#
|
518
|
+
# <note markdown="1"> If a user uses Amazon Web Services SSO to access the AWS CLI, the
|
519
|
+
# user’s Amazon Web Services SSO sign in session is used to obtain an
|
520
|
+
# IAM session, as specified in the corresponding Amazon Web Services SSO
|
521
|
+
# permission set. More specifically, Amazon Web Services SSO assumes an
|
522
|
+
# IAM role in the target account on behalf of the user, and the
|
523
|
+
# corresponding temporary Amazon Web Services credentials are returned
|
524
|
+
# to the client.
|
525
|
+
#
|
526
|
+
# After user logout, any existing IAM role sessions that were created by
|
527
|
+
# using Amazon Web Services SSO permission sets continue based on the
|
528
|
+
# duration configured in the permission set. For more information, see
|
529
|
+
# [User authentications][1] in the *Amazon Web Services SSO User Guide*.
|
530
|
+
#
|
531
|
+
# </note>
|
532
|
+
#
|
533
|
+
#
|
534
|
+
#
|
535
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
536
|
#
|
510
537
|
# @option params [required, String] :access_token
|
511
538
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
539
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
540
|
+
# Reference Guide*.
|
513
541
|
#
|
514
542
|
#
|
515
543
|
#
|
@@ -545,7 +573,7 @@ module Aws::SSO
|
|
545
573
|
params: params,
|
546
574
|
config: config)
|
547
575
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
576
|
+
context[:gem_version] = '3.132.0'
|
549
577
|
Seahorse::Client::Request.new(handlers, context)
|
550
578
|
end
|
551
579
|
|
data/lib/aws-sdk-sso/types.rb
CHANGED
@@ -10,18 +10,21 @@
|
|
10
10
|
module Aws::SSO
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Provides information about your
|
13
|
+
# Provides information about your Amazon Web Services account.
|
14
14
|
#
|
15
15
|
# @!attribute [rw] account_id
|
16
|
-
# The identifier of the
|
16
|
+
# The identifier of the Amazon Web Services account that is assigned
|
17
|
+
# to the user.
|
17
18
|
# @return [String]
|
18
19
|
#
|
19
20
|
# @!attribute [rw] account_name
|
20
|
-
# The display name of the
|
21
|
+
# The display name of the Amazon Web Services account that is assigned
|
22
|
+
# to the user.
|
21
23
|
# @return [String]
|
22
24
|
#
|
23
25
|
# @!attribute [rw] email_address
|
24
|
-
# The email address of the
|
26
|
+
# The email address of the Amazon Web Services account that is
|
27
|
+
# assigned to the user.
|
25
28
|
# @return [String]
|
26
29
|
#
|
27
30
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/AccountInfo AWS API Documentation
|
@@ -48,13 +51,14 @@ module Aws::SSO
|
|
48
51
|
# @return [String]
|
49
52
|
#
|
50
53
|
# @!attribute [rw] account_id
|
51
|
-
# The identifier for the
|
54
|
+
# The identifier for the Amazon Web Services account that is assigned
|
55
|
+
# to the user.
|
52
56
|
# @return [String]
|
53
57
|
#
|
54
58
|
# @!attribute [rw] access_token
|
55
59
|
# The token issued by the `CreateToken` API call. For more
|
56
|
-
# information, see [CreateToken][1] in the *
|
57
|
-
# Guide*.
|
60
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
61
|
+
# OIDC API Reference Guide*.
|
58
62
|
#
|
59
63
|
#
|
60
64
|
#
|
@@ -118,8 +122,8 @@ module Aws::SSO
|
|
118
122
|
#
|
119
123
|
# @!attribute [rw] access_token
|
120
124
|
# The token issued by the `CreateToken` API call. For more
|
121
|
-
# information, see [CreateToken][1] in the *
|
122
|
-
# Guide*.
|
125
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
126
|
+
# OIDC API Reference Guide*.
|
123
127
|
#
|
124
128
|
#
|
125
129
|
#
|
@@ -127,7 +131,8 @@ module Aws::SSO
|
|
127
131
|
# @return [String]
|
128
132
|
#
|
129
133
|
# @!attribute [rw] account_id
|
130
|
-
# The identifier for the
|
134
|
+
# The identifier for the Amazon Web Services account that is assigned
|
135
|
+
# to the user.
|
131
136
|
# @return [String]
|
132
137
|
#
|
133
138
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRolesRequest AWS API Documentation
|
@@ -179,8 +184,8 @@ module Aws::SSO
|
|
179
184
|
#
|
180
185
|
# @!attribute [rw] access_token
|
181
186
|
# The token issued by the `CreateToken` API call. For more
|
182
|
-
# information, see [CreateToken][1] in the *
|
183
|
-
# Guide*.
|
187
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
188
|
+
# OIDC API Reference Guide*.
|
184
189
|
#
|
185
190
|
#
|
186
191
|
#
|
@@ -224,8 +229,8 @@ module Aws::SSO
|
|
224
229
|
#
|
225
230
|
# @!attribute [rw] access_token
|
226
231
|
# The token issued by the `CreateToken` API call. For more
|
227
|
-
# information, see [CreateToken][1] in the *
|
228
|
-
# Guide*.
|
232
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
233
|
+
# OIDC API Reference Guide*.
|
229
234
|
#
|
230
235
|
#
|
231
236
|
#
|
@@ -259,7 +264,8 @@ module Aws::SSO
|
|
259
264
|
# @!attribute [rw] access_key_id
|
260
265
|
# The identifier used for the temporary security credentials. For more
|
261
266
|
# information, see [Using Temporary Security Credentials to Request
|
262
|
-
# Access to
|
267
|
+
# Access to Amazon Web Services Resources][1] in the *Amazon Web
|
268
|
+
# Services IAM User Guide*.
|
263
269
|
#
|
264
270
|
#
|
265
271
|
#
|
@@ -268,8 +274,9 @@ module Aws::SSO
|
|
268
274
|
#
|
269
275
|
# @!attribute [rw] secret_access_key
|
270
276
|
# The key that is used to sign the request. For more information, see
|
271
|
-
# [Using Temporary Security Credentials to Request Access to
|
272
|
-
# Resources][1] in the *
|
277
|
+
# [Using Temporary Security Credentials to Request Access to Amazon
|
278
|
+
# Web Services Resources][1] in the *Amazon Web Services IAM User
|
279
|
+
# Guide*.
|
273
280
|
#
|
274
281
|
#
|
275
282
|
#
|
@@ -278,8 +285,9 @@ module Aws::SSO
|
|
278
285
|
#
|
279
286
|
# @!attribute [rw] session_token
|
280
287
|
# The token used for temporary credentials. For more information, see
|
281
|
-
# [Using Temporary Security Credentials to Request Access to
|
282
|
-
# Resources][1] in the *
|
288
|
+
# [Using Temporary Security Credentials to Request Access to Amazon
|
289
|
+
# Web Services Resources][1] in the *Amazon Web Services IAM User
|
290
|
+
# Guide*.
|
283
291
|
#
|
284
292
|
#
|
285
293
|
#
|
@@ -308,7 +316,8 @@ module Aws::SSO
|
|
308
316
|
# @return [String]
|
309
317
|
#
|
310
318
|
# @!attribute [rw] account_id
|
311
|
-
# The identifier of the
|
319
|
+
# The identifier of the Amazon Web Services account assigned to the
|
320
|
+
# user.
|
312
321
|
# @return [String]
|
313
322
|
#
|
314
323
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/RoleInfo AWS API Documentation
|
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -2145,6 +2145,14 @@ module Aws::STS
|
|
2145
2145
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2146
2146
|
# operations][2] in the *IAM User Guide*.
|
2147
2147
|
#
|
2148
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
2149
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
2150
|
+
# user using MFA. You cannot use policies to control authentication
|
2151
|
+
# operations. For more information, see [Permissions for
|
2152
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
2153
|
+
#
|
2154
|
+
# </note>
|
2155
|
+
#
|
2148
2156
|
# **Session Duration**
|
2149
2157
|
#
|
2150
2158
|
# The `GetSessionToken` operation must be called by using the long-term
|
@@ -2170,7 +2178,7 @@ module Aws::STS
|
|
2170
2178
|
#
|
2171
2179
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
2172
2180
|
# Services account root user credentials. Instead, follow our [best
|
2173
|
-
# practices][
|
2181
|
+
# practices][4] by creating one or more IAM users, giving them the
|
2174
2182
|
# necessary permissions, and using IAM users for everyday interaction
|
2175
2183
|
# with Amazon Web Services.
|
2176
2184
|
#
|
@@ -2186,14 +2194,15 @@ module Aws::STS
|
|
2186
2194
|
#
|
2187
2195
|
# For more information about using `GetSessionToken` to create temporary
|
2188
2196
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
2189
|
-
# Environments][
|
2197
|
+
# Environments][5] in the *IAM User Guide*.
|
2190
2198
|
#
|
2191
2199
|
#
|
2192
2200
|
#
|
2193
2201
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
2194
2202
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2203
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
2204
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
2205
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
2197
2206
|
#
|
2198
2207
|
# @option params [Integer] :duration_seconds
|
2199
2208
|
# The duration, in seconds, that the credentials should remain valid.
|
@@ -2290,7 +2299,7 @@ module Aws::STS
|
|
2290
2299
|
params: params,
|
2291
2300
|
config: config)
|
2292
2301
|
context[:gem_name] = 'aws-sdk-core'
|
2293
|
-
context[:gem_version] = '3.
|
2302
|
+
context[:gem_version] = '3.132.0'
|
2294
2303
|
Seahorse::Client::Request.new(handlers, context)
|
2295
2304
|
end
|
2296
2305
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.132.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-08-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -16,14 +16,20 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1
|
19
|
+
version: '1'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 1.6.1
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
27
|
- - "~>"
|
25
28
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1
|
29
|
+
version: '1'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 1.6.1
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: aws-partitions
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|